The total number of installs for these malicious Play Store apps is over two million.
It’s unfortunate how frequently we learn that apps on Google’s platform contain malware (though they aren’t the only ones who have this issue). Every time a new trojan is discovered, we are reminded to be cautious when downloading new apps. The recently discovered apps have a combined download count of over two million this time, indicating many devices have been affected.
Cybersecurity The Play Store has a trojan called “Fast Cleaner & Cooling Master” that Doctor Web found. This app claims to be for OS optimization and will enhance Android performance on your smartphone. Instead, the app displays advertisements on the victims’ smartphones or uses those devices as proxy servers while secretly communicating with developers via AppMetrica Push SDK or Firebase Cloud Messaging. Third parties could send traffic through your device if the app were installed on your Android.
Although not ideal, this app’s less than 1,000 downloads don’t constitute a significant malware outbreak. Doctor Web found additional trojans, though, that were used to load particular websites and communicated with their developers via Firebase Cloud Messaging. Three applications were found to be suitable in this case: “Volume, Music Equalizer” with 50,000 downloads, “Bluetooth & Wi-Fi & USB” driver with 100,000 downloads, and “Bluetooth device auto connect” with 1,000,000 downloads. To avoid Android’s Bluetooth settings menu whenever you want to join, Bluetooth device auto-connect promoted itself to strengthen your Bluetooth connection and offer an automatic connection to Bluetooth devices.
The trojan with the most downloads isn’t the only one called “Bluetooth device auto connect.” The fact that “TubeBox” attracted people as an easy way to make money likely contributed to its over one million downloads. Users could theoretically earn coins and coupons by watching ads-containing videos in the app, which they could then exchange for real money. Due to “problems reported by the app,” nobody could use their credits, which was a problem. The app never intended to pay users any money, as you might have guessed. Instead, the developers kept all ad revenue from users’ viewing history. Although we don’t have statistics on those figures, the fact that the app was downloaded more than a million times suggests that the scammers got away with quite a bit of fake money.
Protect yourself from malware apps on Google’s Play Store
Sadly, Google doesn’t offer any warnings that an app you’re looking at might contain malware. Once an app has received its approval, it will appear in the store alongside other apps until Google learns something about it and orders its removal. However, you can take precautions to protect your device and yourself.
Before downloading an app, always look at its Play Store page. Is the app’s name logical? “Bluetooth & Wi-Fi & USB” is a terrible app name that immediately makes me think of malware. Check the app description and graphics after that. Does everything appear to have been thought out and put together well? The intended use of the app should match the description. Are things spelled incorrectly or written poorly? Those may be major caution signs.
Reviews are also very beneficial. Malware downloaders frequently voice concerns about the app’s impact on their phones. You may receive complaints from users about how many ads they receive, how slowly the app makes their phone, or how the app functions differently than intended. Stay away if you notice enough of these red flags.